VMware Cloud Community
RanjnaAggarwal
VMware Employee

Encryption Used in .vmdk

Is anyone aware of the encryption method that is used to encrypt the data in flat.vmdk?

Regards, Ranjna Aggarwal
a_p_
Leadership

Unless I'm mistaken, .vmdk files can only be encrypted at the hypervisor level in hosted products like VMware Workstation. For ESXi, encryption needs to be done at the guest level (e.g. BitLocker, TrueCrypt).

André

RanjnaAggarwal
VMware Employee

But the flat.vmdk file that is in the datastore is not in clear-text format; it's in an encrypted format. I want to know what algorithm is used to encrypt the guest OS data in that file.

Regards, Ranjna Aggarwal
a_p_
Leadership

What you see is not encrypted text; it's the binary information that you will also see on a physical disk.

If you take a look at e.g. position 0x1b8 you will see the 4 bytes of the disk signature followed by "00 00" and the primary partition table, which ends with "55 AA" at position 0x1FE.

André

PS: This is what it looks like for Windows 7:

[Image: Win7-Diskedit.JPG]

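The layout André describes above (disk signature at 0x1b8, the partition table after it, "55 AA" at 0x1FE) can be checked with a short script. This is an added example, not part of the original thread; the function names and the sample sector with its signature value are constructed for illustration. If the first sector of a flat .vmdk parses like this, the disk is stored unencrypted.

```python
import struct
import sys

SECTOR = 512
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count
PART_TYPES = {0x07: "NTFS/exFAT", 0x83: "Linux", 0xEE: "GPT protective"}  # small subset

def parse_mbr(sector: bytes):
    """Return the MBR fields of a first sector, or None if "55 AA" is missing at 0x1FE."""
    if len(sector) < SECTOR or sector[0x1FE:0x200] != b"\x55\xaa":
        return None
    (disk_sig,) = struct.unpack_from("<I", sector, 0x1B8)
    partitions = []
    for slot in range(4):  # four 16-byte entries starting at 0x1BE
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, 0x1BE + 16 * slot)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({
                "slot": slot,
                "bootable": status == 0x80,
                "type": PART_TYPES.get(ptype, hex(ptype)),
                "first_lba": lba,
                "sectors": count,
            })
    return {"disk_signature": f"{disk_sig:08X}", "partitions": partitions}

def constructed_sector() -> bytes:
    """Constructed sample: MBR with a 100 MiB boot partition and one NTFS data partition."""
    s = bytearray(SECTOR)
    struct.pack_into("<I", s, 0x1B8, 0x1234ABCD)  # made-up disk signature
    struct.pack_into(ENTRY, s, 0x1BE, 0x80, 0x07, 2048, 204800)
    struct.pack_into(ENTRY, s, 0x1CE, 0x00, 0x07, 206848, 41734144)
    s[0x1FE:0x200] = b"\x55\xaa"
    return bytes(s)

def read_first_sector(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read(SECTOR)

if __name__ == "__main__":
    # Pass the path of a flat .vmdk you administer; without one, the constructed sample is used.
    data = read_first_sector(sys.argv[1]) if len(sys.argv) > 1 else constructed_sector()
    print(parse_mbr(data) or "no MBR signature at 0x1FE")
```
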
RanjnaAggarwal
VMware Employee

So does this binary code help protect the .vmdk or not? Or can anyone translate that binary code and find out what this data actually is?

Regards, Ranjna Aggarwal
sakibpavel
Enthusiast

I think the feature is in ACE now.

Sakibpavel 
a_p_
Leadership

Flat .vmdk files are like physical disks. They contain the live data that anyone who has access to it could abuse. If you need protection, you'll need to do this within the guest.


André

WoodyZ
Immortal

sakibpavel wrote: I think the feature is in ACE now.

The VMware ACE product has been discontinued as of December 2011 and really has nothing to do with what the OP is asking!

@sakibpavel You should read what André is saying, as it is addressing the issue just fine and on point, and there is no need for you to interject irrelevant information!

rickardnobel
Champion

Ranjna Aggarwal wrote:

anyone can translate those binary code and they can get this info what this data is actually?

What is always stored on the disk (virtual or physical) is binary data. Each "byte" on the disk is 8 binary bits and the exact use has only a meaning to the specific operating system and its internal file system.

My VMware blog: www.rickardnobel.se
WoodyZ
Immortal

Rickard Nobel wrote:

Ranjna Aggarwal wrote:

anyone can translate those binary code and they can get this info what this data is actually?

What is always stored on the disk (virtual or physical) is binary data. Each "byte" on the disk is 8 binary bits and the exact use has only a meaning to the specific operating system and its internal file system.

@RanjnaAggarwal, I believe André has already addressed your concerns, and to avoid any confusion with what rickardnobel has said, understand the following...

Anyone with the knowledge and the right tools who has access to an unencrypted virtual hard disk file has the ability to mount the .vmdk independent of the OS installed in the virtual hard disk, peruse its filesystem just as if looking at it in the file manager from the installed OS, and copy whatever they want off of the virtual hard disk. Additionally, the more technically adept with the right tools don't even need to mount the disk but can read the file and extract usable information you might not want extracted. So there is more than one way a .vmdk can be compromised if it is not encrypted and one has access to it. So do as André already suggested: if you need to be protected, then employ the proper encryption technologies as applicable to the use case scenario.

sdpate
Contributor

You can also use HighCloud to encrypt individual disks or the whole VM. We operate below the hypervisor and within the VM. The solution is free for up to 5 VMs.

For more information see www.highcloudsecurity.com

Disclaimer - I work for HighCloud
